docs: audit and archive completed Journals and Badges projects

documentation/MODULE__AE_Journals_Config_Map.md

@@ -53,9 +53,23 @@ This document tracks all available settings across the three levels of the Journ
 | `sort` | integer | Manual sort order weight. | Manual (Done) |
 | `archive_on` | datetime | Scheduled date for automatic archiving. | Manual (Done) |
 | `private` | boolean | Trigger for E2EE (Encryption). | Manual (Done) |
+| `content_encrypted` | encrypted string | Encrypted entry content written during a full save when `private` is enabled. | Generated on save |
+| `history_encrypted` | encrypted string | Encrypted entry history when history encryption is available. | Generated on save |
+| `passcode_hash` | string | Entry-level secondary-auth field; comparison logic is not yet implemented. | Manual (Done) |
 | `alert` | boolean | Trigger for visual "Alert" state. | Manual (Done) |
 | `group` | string | Grouping key for the list view. | Manual (JSON only) |
 
+## Encryption Behavior and Gaps
+
+1. Full entry saves combine the journal `passcode` and `private_passcode` to encrypt
+	plaintext content when the entry's `private` flag is enabled.
+2. Decryption prefers a passcode typed in the current session, then falls back to the
+	journal `private_passcode`; the journal `passcode` is combined with that private key.
+3. `passcode_hash` secondary-auth comparison is pending and must not be described as enforced.
+4. Quick Add currently forces `private: false`, and bulk import creates plaintext entries
+	without encryption fields. Use the full editor to enable encryption until those workflows
+	are updated.
+
 ## 📐 Data Normalization Rules
 To prevent infinite reactivity loops and trivial save cycles, the following normalizations are applied before comparison:
 1.  **Strings:** Trimmed and `null` treated as `""`.